I've been doing reasearch and reading, and started using a GUI for my CA called OpenCA. Using this, I have created some certs cacert.pem cacert.key (Private Key) A variety of Host certs in the format of host-cert.pem and host-key.pem. (A Prublic/Private key per host.) Here is my Xsupplicant.conf eap_tls { user_key = "/etc/pki/tls/Pukey/kurama-cert.pem" user_key_pass = "" root_cert = "/etc/pki/tls/Pukey/cacert.pem" root_dir = "/etc/pki/tls/Pukey/" chunk_size = 1398 random_file = "/dev/random/" session_resume = yes And here is eap.conf's relaventy section private_key_file = /etc/pki/tls/Pukey/kurama-key.pem certificate_file = /etc/pki/tls/Pukey/kurama-cert.pem CA_file = /etc/pki/tls/Pukey/cacert.pem dh_file = ${raddbdir}/certs/dh This produces the following: OpenSSL Error -- error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Library : SSL routines Function : SSL3_GET_SERVER_CERTIFICATE Reason : certificate verify failed Help?